12-06-2013 12:43 AM - edited 03-10-2019 09:09 PM
12-06-2013 04:13 AM
Hi Jeroen,
This is the only defect CSCuj95908 that is addressed in ISE 1.2 patch 4 from AD component. Is the patch successfully installed on the ISE node.
If possible can you try retrieving the groups & attributes by removing the Patch 4.
On my ISE node I am able to successfully retrieve the groups & attributes with ISE 1.2 patch 4.
12-06-2013 06:26 AM
Ok, that bug will probably be resolved soon.
I couldn't find the open caveats in the release notes
12-07-2013 11:56 AM
The issue you are referring to is documented in the following CDETS:
CSCul84544: Retrieval of AD groups or attributes is failing
This is not yet resolved. May be resolved in a future patch
The workaround given in the CDETS is
Fix the DNS server so that the reverse DNS lookup matches
I believe there are other steps that can be taken to mitigate this but would need intervention from TAC
12-16-2013 02:38 AM
Hi Jrabinow/JEROEN
i will install patch 4 , is it just the ISE can't retrieve new groups ? do users still authenticate against existing groups and
corresponding policies ?
12-16-2013 03:26 AM
Patch 4 will not resolve this. Fix will be in a future patch.
Issue impacts retrieval of groups from the GUI only (I corrected CDETS title to reflect this). Users are still able to authenticate against existing groups and corresponding policies
01-08-2014 03:50 AM
Patch 5 doesn't resolve this either.
01-08-2014 10:42 AM
This is not part of patch 5. Will be resolved in a 1.2 maintenance release called 1.2.1 that should be available some time in March.
in the interim I think there are a few options:
- manually enter group names
- contact TAC and quote the CDETS. There are some well understood workarounds that TAC can help you configure
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide